Merge pull request systemd#22923 from poettering/userns-check-refactor

bluca · web-flow · commit 58270534bf5d · 2022-03-31T22:11:03.000+01:00
virt: minor running_in_userns() modernizations
diff --git a/src/basic/virt.c b/src/basic/virt.c
@@ -12,6 +12,7 @@
 #include "cgroup-util.h"
 #include "dirent-util.h"
 #include "env-util.h"
+#include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "macro.h"
@@ -791,10 +792,7 @@ int detect_virtualization(void) {
 
 static int userns_has_mapping(const char *name) {
         _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *buf = NULL;
-        size_t n_allocated = 0;
-        ssize_t n;
-        uint32_t a, b, c;
+        uid_t a, b, c;
         int r;
 
         f = fopen(name, "re");
@@ -803,19 +801,17 @@ static int userns_has_mapping(const char *name) {
                 return errno == ENOENT ? false : -errno;
         }
 
-        n = getline(&buf, &n_allocated, f);
-        if (n < 0) {
-                if (feof(f)) {
-                        log_debug("%s is empty, we're in an uninitialized user namespace", name);
-                        return true;
-                }
+        errno = 0;
+        r = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &a, &b, &c);
+        if (r == EOF) {
+                if (ferror(f))
+                        return log_debug_errno(errno_or_else(EIO), "Failed to read %s: %m", name);
 
-                return log_debug_errno(errno, "Failed to read %s: %m", name);
+                log_debug("%s is empty, we're in an uninitialized user namespace", name);
+                return true;
         }
-
-        r = sscanf(buf, "%"PRIu32" %"PRIu32" %"PRIu32, &a, &b, &c);
-        if (r < 3)
-                return log_debug_errno(errno, "Failed to parse %s: %m", name);
+        if (r != 3)
+                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse %s: %m", name);
 
         if (a == 0 && b == 0 && c == UINT32_MAX) {
                 /* The kernel calls mappings_overlap() and does not allow overlaps */
@@ -840,19 +836,18 @@ int running_in_userns(void) {
         if (r != 0)
                 return r;
 
-        /* "setgroups" file was added in kernel v3.18-rc6-15-g9cc46516dd. It is also
-         * possible to compile a kernel without CONFIG_USER_NS, in which case "setgroups"
-         * also does not exist. We cannot distinguish those two cases, so assume that
-         * we're running on a stripped-down recent kernel, rather than on an old one,
-         * and if the file is not found, return false.
-         */
-        r = read_one_line_file("/proc/self/setgroups", &line);
+        /* "setgroups" file was added in kernel v3.18-rc6-15-g9cc46516dd. It is also possible to compile a
+         * kernel without CONFIG_USER_NS, in which case "setgroups" also does not exist. We cannot
+         * distinguish those two cases, so assume that we're running on a stripped-down recent kernel, rather
+         * than on an old one, and if the file is not found, return false. */
+        r = read_virtual_file("/proc/self/setgroups", SIZE_MAX, &line, NULL);
         if (r < 0) {
                 log_debug_errno(r, "/proc/self/setgroups: %m");
                 return r == -ENOENT ? false : r;
         }
 
-        truncate_nl(line);
+        strstrip(line); /* remove trailing newline */
+
         r = streq(line, "deny");
         /* See user_namespaces(7) for a description of this "setgroups" contents. */
         log_debug("/proc/self/setgroups contains \"%s\", %s user namespace", line, r ? "in" : "not in");
